Debunking the Top SMB Myths

While small and medium-sized businesses have fewer resources and smaller budgets than larger enterprises, that doesn’t mean they lack proper cybersecurity practices. In a report released from Cisco last year, they reported on the state of cybersecurity within small businesses. They are debunking the top myths related to SMBs and cybersecurityy.

Myth 1: SMBs lack employees dedicated to security. The assumption is that SMBs have one person balancing all the aspects of IT management; however, less than 1% of all sized businesses do not have anyone dedicated to security. In fact, 72% of SMBs have employees dedicated to threat hunting, compared to 76% of large organizations.

Myth 2: SMBs face different threats than larger businesses. Ransomware doesn’t discriminate. Cybercriminals are attacking organizations of all sizes, and 43% of online attacks are specifically targeted towards small businesses.

Myth 3: Larger businesses suffer less downtime after a cyber-attack. The assumption with this myth is that SMBs lack the resources to rebound as fast as their larger counterparts when faced with an attack. However, data suggests there is little difference in the amount of downtime suffered. 24% of SMBs faced downtimes of more than 8 hours compared to larger organizations at 31%.

Myth 4: SMBs measure the efficiency of their security programs. It is actually fairly even. Survey information showed there is minimal difference in the use of metrics. 86% of SMBs have clear metrics for assessing the effectiveness of their security compared to 90% of large organizations.

Myth 5: Large businesses have more updated infrastructures. This myth is partially true. Almost all SMBs are diligent about keeping their infrastructure up to date. 42% of SMBs described their infrastructure as very up-to-date compared to 54% of large organizations. Following behind that, 52% of SMBs update their infrastructure regularly, compared to 41% of larger organizations.

While many SMB cybersecurity myths have been debunked, there is still room for improvements. Updated infrastructure, proper cybersecurity training for employees, and reducing vendor complexity are among some of the top improvements. If you’re interested in updating your systems and tools, contact us today for an assessment of your current environment.